Medprax Privacy Policy
Download our Privacy Policy
Medprax (Pty) Ltd (“Medprax”) is committed to protecting your privacy and complying with applicable data protection and privacy laws. This Privacy Policy will inform you as to how we process your Personal Information when you engage with us and tell you about your privacy rights and how the law protects you (as Data Subject).It is important that you read this Privacy Policy so that you are fully aware of how and why we are using your Personal Information. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.By submitting Personal Information to us, it will be seen as your consent to us to process the Personal Information. Reference to “consent”, “your consent” or “your explicit consent” shall include the ticking of a tick box or clicking on a “Submit”, “Register” or “I agree” button on our site(s). ∞
1. Important Information and who we are
Responsible Party |
| Information Officer |
| Complaints | |
Medprax (Pty) Ltd is the Responsible Party and responsible for your Personal Information (collectively referred to as “Medprax”, “we”, “us” or “our” in this Privacy Policy). |
| Full Name: | Sharde Coetzee |
| You can lodge a complaint with the Information Regulator: |
| Contact Details: | +27 31 904 9213 |
| ||
| Email: |
| We encourage you to contact us first to resolve any issues. | ||
a) Privacy Policy Updates
- We regularly review our Privacy Policy. The latest update date is on the first page. Older versions are available upon request. Future changes will be posted on our website or shared during your interactions with us, and will apply immediately once published.
- Please keep your Personal Information accurate and up to date by informing us of any changes during your relationship with us.
b) Third-Party Sites: We do not control third-party sites linked to ours. These sites may use cookies or collect your data. We are not responsible for how these sites handle user information.
c) Third-Party links: Our Site(s) may link to external websites, plugins, or apps. Sharing your Personal Information with them is at your own risk—we are not liable for any loss or damage resulting from such disclosures, as we do not control how third parties use your data. Always read their privacy policies when you leave our site.
2. The data we collect about you
a) We collect your Personal Information, as defined in this Policy. It does not include data where the identity of the Data Subject has been removed (anonymous data).
b) We may Process different kinds of Personal Information about you when we engage with you, which we have grouped together as follows:
Type of Data | Details |
| |
Identity Data | First name, Last name, Age, Nationality, Username or Similar Identifier, Job Title, Date of Birth and Gender; |
Contact Data | Billing address, Physical address, Delivery address, Email address, Telephone numbers, and details of your public social media profiles; |
Financial Data | Payment card details and/or banking details. |
Transaction Data | Details about payments to and from us and other details of Services you have accessed on our website; |
Technical Data | Internet protocol (IP) address, Your login data, Browser type and version, Time zone setting and location, Browser plug-in types and versions, Operating system and platform, Other technology on the devices you use to access this website/ portal; |
Usage Data | Information relating to interaction with our website, products and services, including URL clickstream data, pages or services viewed, performance and error data, interaction and navigation behaviour, customer service contact details, and service transaction instructions exchanged via our APIs. |
Marketing and Communications Data | Marketing preferences in receiving marketing from Medprax and third parties, your communication preferences (communications related to the Services). |
Aggregate data and pattern data | Aggregated statistical, demographic or transactional information derived from Personal Information, which does not identify a Data Subject. If combined with Personal Information so as to enable identification, it will be treated as Personal Information and processed in accordance with this Privacy Policy. |
Additional Personal Information | You may choose to provide additional Personal Information to us. When you do so, you agree to provide accurate and current information, and to not impersonate or misrepresent any person or entity or falsely state your affiliation with anyone or anything. |
c) You may choose to provide additional Personal Information to us, in which event you agree to provide accurate and current information, and not to impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent your affiliation with anyone or anything.
d) We do not collect any Special Personal Information about you, unless we have received your consent.
e) Submission of Personal Information on Behalf of Another: If you submit someone else’s personal information, you must obtain their consent first. We will assume you have this consent and process the information as instructed. By submitting such information, you agree to indemnify us against any third-party claims related to a lack of proper consent or legal exception.
f) If you fail to provide Personal Information: If required by law or contract, we may not be able to offer or continue Services if you do not provide requested Personal Information. If this happens, we will let you know.
g) We do not process the information of children.
3. How is personal information collected
We use different methods to collect data from and about you including through:
Direct Interactions |
| Automated technologies |
| Third Parties/Publicly Available Sources |
Instruct us to provide certain Services |
| As you interact with our Services, we will automatically collect Technical Data about your equipment, browsing actions, patterns, and device(s). This Personal Information is collected by using cookies (see section 4 below), server logs and other similar technologies; |
| Analytics providers such as Google; |
4. Cookies
See our Cookies Policy.
5. How we use your personal information
a) We will not sell your Personal Information. We will only use Personal Information within the framework of the law. Most commonly, we will use Personal Information in the following circumstances:
- where you have given us your consent; or
- iwhere we need to perform the contract, we are about to enter into or have entered into with you; or
- where it is necessary for the protection of the Data Subject’s legitimate interest; or
- where it is necessary for our legitimate interests (or those of a Third-Party) and your interests and fundamental rights do not override those interests; or
- where we need to comply with a legal obligation.
b) We will get your consent before sending third-party direct-marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us or using such automated facilities made available by us.
c) Purposes for which we will use Personal Information
- The table below outlines how we use Personal Information and the legal grounds for doing so, including legitimate interests where relevant.
- We may process your data under multiple lawful bases depending on its use. Contact us if you need clarification about which legal basis applies to your case.
Purpose/Activity |
| Type of Data |
| Lawful basis |
Client account creation and order placement/service booking | Identity and contact information | Consent / Contract | ||
Provision of services and contract performance | Identity, contact, financial and transactional information | Contract | ||
Communication and client relationship management | Identity and contact information | Consent / Legitimate interests | ||
Billing and payment administration | Financial and transactional information | Contract / Legal obligation | ||
Marketing (where permitted) | Identity, contact and marketing preferences | Consent / Legitimate interests (existing clients) | ||
Website administration, analytics and business operations | Technical and usage data | Legitimate interests | ||
Compliance with legal and regulatory obligations | Information required by law or regulation | Legal obligation | ||
Processing orders and fulfilment (including delivery and collection), provision of products and related services (including repairs, replacements and returns) | Identity, contact and transactional information | Contract / Legal obligation | ||
Delivery logistics, courier coordination and tracking | Identity, contact and delivery information | Contract / Legitimate interests | ||
Customer support and after-sales service (including complaints, warranties and returns) | Identity, contact and transactional information | Contract / Legal obligation |
d) Marketing: We strive to provide you with choices regarding certain Personal Information uses, particularly around marketing and advertising.
i ) Promotional Offers
(1) For Clients:
(a) We may use your contact details to send service-related communications. You may opt out at any time (see section 5 iii below).
(2) For Non-Clients:
(a) We may collect your email through staff or our mailing system. We will obtain your consent before sending direct marketing (opt-in).
ii) Third-party marketing
(1) We will get your express opt-in consent before we share your Personal Information with any third-party for marketing purposes.
(2) TAKE NOTE: We may share anonymised, aggregated data for advertising, but IMPORTANT: we never disclose information that identifies individuals.
iii) Opting out
(1) You can ask us or third-parties to stop sending you marketing messages at any time by logging into the website or unsubscribe on the email communication or by contacting us at any time and requesting to op-out of our marketing services.
(2) Where you opt out of receiving these marketing messages, this will not apply to Personal Information provided to us as a result of a Service purchase, service experience or other transactions.
e) Automated processing and decision making
i) We do not use any automated processing and/or decision-making tools, including but not limited to AI Systems, to process your Personal Data in order to provide its Services. In the event that this should change, we will update this Policy to reflect same.
f) Change of purpose.
i) We will only use your Personal Information for its original purpose or a compatible purpose.
ii) For any unrelated use, we will notify you and explain the legal basis.
iii) Your information may also be processed without your knowledge or consent when required or permitted by law.
6. Disclosures of personal information
a) We may share Personal Information with the following parties for the purposes outlined above:
i) Internal Third-Parties: Our group companies, partners, or correspondents, who are required to follow this Policy when processing your Personal Information.
ii) External Third-Parties: Defined in the Definitions section, as well as those specified by your instructions.
iii) Third-Parties involved in business changes: If we sell, transfer, or merge our business or assets, new owners may use your Personal Information per this Privacy Policy.
b) All Third-Parties must protect your Personal Information, act lawfully, and only process it for approved purposes per our instructions. Service providers are not permitted to use your Personal Information for their own purposes.
c) We may also share Personal Information with External Third-Parties if necessary to:
i) Comply with laws, regulations, or legal requests;
ii) Enforce our Terms of Use and investigate potential violations;
iii) Address fraud, security, or technical issues;
iv) Protect against imminent harm to the rights, property, or safety of Elemental Numerics, website users, or the public, as allowed by law.
7. International transfers
a) We may transfer your personal data internationally to support our business or provide global services. All transfers comply with Data Protection Legislation.
b) We maintain records of all cross-border transfers and safeguards, and will provide this information on request.
c) By submitting your Personal Data, you consent to its transfer outside your country when necessary.
8. Data Security
a) We’ve implemented technological and organisational safeguards to protect Personal Information from loss, unauthorised access, alteration, or disclosure. Access is restricted to those with a business need, all of whom are bound by confidentiality.
b) Procedures are in place for suspected breaches; we will notify you and regulators if legally required.
c) Certain legislation obliges us to report specific offences to authorities within set timeframes. We cannot be held responsible for any resulting consequences from such reporting.
9. Data retention
How long will we use your Personal Information for?
a) As long as needed to fulfill the purposes it was collected for and meet legal, regulatory, tax, accounting, or reporting requirements. If necessary, we may retain it longer for complaints or best practices related to our relationship with you.
b) You may request deletion of your data; see your legal rights below.
c) Retention periods depend on the type and sensitivity of your Personal Information, risk of unauthorised disclosure, processing purposes, and applicable laws.
d) Sometimes we anonymize your data for research or statistics so it’s no longer linked to you, and may use this indefinitely without further notice.
10. Records
We will maintain thorough, accurate, and current records of Personal Information processing, including access, control, security, approved subcontractors, purposes and categories of processing, transfers to third countries and safeguards, customer instructions, and an overview of technical and organisational security measures, as well as the retention and disposal of Personal Information.
11. Social Media
a) Our website, app, or services may offer social plug-ins from platforms like Facebook, Instagram, or LinkedIn. If you interact with these networks via our site, your activity may be visible to them and reflected in your profile according to your privacy settings. To prevent this, log out of your social account or adjust your privacy preferences before visiting.
b) Communication and engagement on external social media networks are governed by their individual terms and privacy policies.
c) Please use social media responsibly and with care. We will never request personal or sensitive information through social media; for such matters, please contact us directly by phone or email.
d) Our social media pages may share links, and some platforms shorten URLs. Check the authenticity of links before clicking, as we cannot guarantee safety against spam or hacking and are not liable for any resulting damages.
12. Data subjects legal rights
a) Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Information:
i) Request for Access: You may request access to the Personal Information we hold about you (a “data subject access request”). A prescribed fee may apply. Please refer to our PAIA Manual on our website.
ii) Request Correction: You may request that inaccurate or incomplete Personal Information be corrected, subject to verification.
iii) Request Deletion: You may request deletion of your Personal Information where there is no lawful basis to continue processing it. Erasure may be refused where required by law. This does not limit our rights to use Aggregate Data and Pattern Data.
iv) Object to Processing: You may object to processing based on legitimate interests or for direct marketing purposes, unless we have compelling legitimate grounds to continue.
v) Request restriction of processing: You may request restriction of processing where accuracy is disputed, processing is unlawful, the data is required for legal claims, or an objection is under consideration.
vi) Withdraw consent at any time: Where processing is based on consent, you may withdraw consent at any time. This will not affect prior lawful processing and may limit the Services we can provide.
b) If you wish to exercise any of the rights set out above, please contact us at the details mentioned 1)c) above.
c) Fee required: No fee is payable unless prescribed by law. We may charge a reasonable fee or refuse requests that are unfounded, repetitive or excessive.
d) Verification: We may request information to verify your identity and protect your Personal Information.
e) Response Time: We aim to respond within 30 (thirty) days, unless the request is complex, in which case we will notify you.
13. Subcontractors
We may appoint subcontractors to assist in providing our services. All subcontractors are required to adhere to applicable data protection legislation and contractual obligations to ensure the confidentiality and security of your Personal Information.
14. Personal information breach
a) In the event of a security compromise as contemplated in section 22 of POPIA, we are committed to managing the incident promptly, responsibly, and transparently. Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and the affected data subjects as soon as reasonably possible after becoming aware of the compromise, unless the identity of the data subjects cannot be established.
b) Such notification will be provided in accordance with section 22(4) of POPIA and will include sufficient information to allow affected data subjects to take protective measures, including:
i) A description of the possible consequences of the security compromise;
ii) A description of the measures taken or proposed to be taken by us to address the security compromise;
iii) Recommendations to the data subject on how to mitigate the potential adverse effects of the security compromise; and
iv) If known, the identity of the unauthorised person who may have accessed or acquired the personal information.
c) We maintain a record of all breaches, even those not requiring notification, to ensure compliance with the Data Protection Legislation.
14. Definitions
a) Artificial Intelligence (AI) System or AI Systems means a computer-based technology which is designed to perform tasks that typically require human intelligence. It encompasses a variety of techniques, such as machine learning and natural language processing, enabling the system to learn, adapt and make decisions autonomously.
b) Channels: means any of our technology channels made available for you to access our Services, for example, websit(s), App(s) or social media sites;
c) Child means a natural person under the age of 18 years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him – or herself.
d) Consent means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of Personal Information.
e) Data Subject means the person to whom Personal Information relates and, in this document, refers to you as the party providing Personal Information that will be processed by us or a relevant third-party.
f) Data Protection Legislation means any and all applicable laws relating to the protection of data or of Personal Information and shall include the Protection of Personal Information as per the POPI Act,
g) Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best Service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
h) Operator means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.
i) Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
j) PAI Act means the Promotion of Access to Information Act, Act 2 of 2000.
k) Personal Information/Data means information as defined under applicable data protection legislation.
l) POPIA means the Protection of Personal Information Act, Act 4 of 2013
m) Personnel means Medprax employees, directors or authorised sub-contractors.
n) Responsible Party means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information.
o) Services has the same meaning as per our Terms of Use via any of our channels/technologies.
p) Sites means our website, and or App and/or social media sites and/or other communication channels;
q) Special Personal Information means information that may be sensitive information, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and biometric information or criminal convictions and offences.
r) THIRD-PARTIES:
i) Internal Third-Parties: Partners, affiliates, employees, shareholders, directors and/ or agents of Medprax (if applicable), acting as joint responsible parties or operators and who may also provide IT and system administration services and undertake leadership reporting.
ii) External Third-Parties:
(1) Service providers acting as operators who provide IT and system administration services
(2) Professional advisers acting as operators (i.e. correspondents and counsel/advocates) or joint Responsible Parties, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
(3) Professional advisers acting as operators (i.e. correspondents and counsel/advocates) or joint Responsible Parties, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
(4) The South African Revenue Services, regulators and other authorities acting as operators or joint Responsible Parties who require reporting of processing activities in certain circumstances
(5) Courts of law or any other authorities where we have an obligation under law to share your Personal Information
(6) In the event that we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business or assets.
